UNIX and UNIX-based operating systems, including LINUX, support multiple types of user registries where user account and user group identification number and management data are stored. Examples of such user registries include the local user registry (i.e., the/etc/passwd file), Lightweight Directory Access Protocol (LDAP) registry, Network Information Service (NIS) registry, and Distributed Computing Environment (DCE) registry. A single operating system or instance of an operating system may be configured to have user accounts in one or more registries. Disadvantageously, when an administrator creates a user account or user group, the numeric identification number assigned to the user account or user group may not be unique across all registries of the computing environment. Present user management interfaces for UNIX and UNIX-based operating systems only ensure that an identification number for a new user account or group is unique within the registry in which the account or group is created.
Since a UNIX-based operating system treats user accounts having the same user identification number as the same user, if user accounts in different registries are assigned the same user identification number, these users may be able to access each others' files. The problem may be even more widespread if two user groups in different registries are assigned the same identification number. In this event, all members of a user group may have access to more resources than intended. Typically, system administrators must provide their own solutions to the problem of assigning unique identification numbers to users accounts and groups across multiple registries. This is a difficult task in a clustered computing environment with multiple registries and multiple operating systems or multiple instances of operating systems running on multiple computing nodes. Such administrator-provided management of identification numbers is prone to data input errors. Also, this approach may be inconsistent, unreliable, and difficult to use because it is not integrated into the operating system.
Thus, there is a need for a method of detecting collisions between a candidate identification number for new user account or new user group and identification numbers already assigned to existing user accounts or groups in a computing environment having multiple user registries.